Using Clair to scan DOCKER images for vulnerability

mustafa_turab_ali · October 8, 2019, 1:18pm

Using Clair to scan docker images within CI pipelines.

version: ‘1.0’
steps:

  Docker-Build:
      title: Building docker image
      type: build
      arguments:
        working_directory: ${{main_clone}}
        dockerfile: docker/Dockerfile
        image_name: '${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}'
        tag: master
        no_cache: true
      build_arguments:
        - disable-content-trust=true
  ScanImage:
    image: codefresh/cfstep-paclair:3.1.0
    environment:
      - CLAIR_URL=${{CLAIR_IP_ADDRESS}}
      - IMAGE=${{BUILD_IMAGE_NAME}}
      - REGISTRY_PASSWORD=${{CLAIR_PASSWORD}}
      - REGISTRY_USERNAME=${{CLAIR_USERNAME}}
      - TAG=${{CF_BRANCH_TAG_NORMALIZED}}
      - SEVERITY_THRESHOLD=critical
    on_success:
      metadata:
        set:
          - ${{Docker-Build.imageId}}:
              - CLAIR_SECURITY: true
              - CF_QUALITY: true
              - promoted: true
              # - coverage : 85%
    on_fail:
      metadata:
        set:
          - ${{Docker-Build.imageId}}:
              - CLAIR_SECURITY: false
              - CF_QUALITY: false

Topic		Replies	Views
Using docker inspect Docker	10	1622	January 25, 2020
Scaling monorepo microservices Pipeline workflows	9	1346	January 5, 2022
Need to build multiple docker images Pipeline workflows	4	1116	December 15, 2021
Failed to build when dockerfile pulls containers from github container repository Docker	3	808	July 7, 2022
Build V2 - CF_BRANCH_TAG_NORMALIZED Error Bugs	6	1925	April 7, 2020

Using Clair to scan DOCKER images for vulnerability

Related topics